
exiting a chroot environment

by storri (Initiate)
on Jul 07, 2003 at 22:09 UTC (#272120)
storri has asked for the wisdom of the Perl Monks concerning the following question:

I am trying to figure out how to exit a chroot environment. The script is a replacement for a root-executed shell script. The code as I have it now is:

    chdir($target_dir)  or die "chdir: $!";
    chroot($target_dir) or die "chroot: $!";   # requires root
    chdir("/")          or die "chdir: $!";
    # .... Perform other work

How can I exit out of the chroot environment?

Replies are listed 'Best First'.
Re: exiting a chroot environment
by Abigail-II (Bishop) on Jul 07, 2003 at 22:36 UTC
    How can I exit out of the chroot environment?

    You can't. That's the entire point of a chrooted environment. If you could leave it, there would be no point of having chroot. BSD didn't call it jail without a reason!


      Freaky as it seems, you can on Linux¹ (Red Hat.)

      From chroot(2):

      Note that this call does not change the current working directory, so that `.' can be outside the tree rooted at `/'. In particular, the super-user can escape from a `chroot jail' by doing `mkdir foo; chroot foo; cd ..'.

      I've confirmed that I can do it in perl with another chroot() to ./../../ (with enough ..s to get me to the real root from the CWD.) I guess "." isn't just symbolic?


      Thankfully, that's not portable. Other systems are sane.

      1. I figured I'd look at the manpage to see if it said "you can't do that" and much to my surprise...

      "My two cents aren't worth a dime.";

        I wouldn't be as quick to declare that this is a Linux failing point. There are no guarantees made by any system that chroot() will ensure that exploits are not possible. chroot() is a UNIX hack to redefine /, and this is where its claim ends. If one truly wants a box to contain a user, one should consider using a virtual machine of some sort.

        It isn't that 'other systems are sane', but rather, 'other systems implement chroot() as a more elaborate hack.' The cost, of course, is performance, and code complexity. Is Linux wrong for not choosing this path? I don't believe so. I believe it is wrong for people to assume that silver bullets to their security problems exist... :-)

        Urg. I didn't realize Linux behaved so oddly. Yet another reason not to worship Linux (don't get me wrong, I make my money as a "Linux specialist"). Not only is Linux behaviour not portable, the entire chroot concept isn't. chroot is not part of the POSIX standard.


Re: exiting a chroot environment
by Anarion (Hermit) on Jul 08, 2003 at 08:48 UTC
    Breaking a chroot environment if you are root is trivial, you can:

    - chroot to another directory and then chdir .. because chroot doesn't change your current work dir.
    - use a descriptor to outside of the chroot and call fchdir
    - modify sys_call_table
    - call mknod and mount
    - use ptrace

    and sure there are more ...

    By now, chroot without kernel patches doesn't mean security at all.
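
An added example, not part of the original thread: every escape listed above starts from still being root inside the new root, so a script that uses the question's chdir/chroot/chdir sequence as a confinement step should give up root right after it. The function name `enter_jail` and the jail directory and account passed on the command line are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use POSIX ();

# Added illustration: confine the process to $dir, then drop root for good.
# enter_jail() is a hypothetical helper, not code from the thread.
sub enter_jail {
    my ($dir, $user) = @_;

    # Resolve the account before chroot(); /etc/passwd is not visible after.
    my (undef, undef, $uid, $gid) = getpwnam($user)
        or die "unknown user '$user'\n";
    die "refusing to keep uid 0\n" if $uid == 0;

    # Close (closedir) any directory handles opened earlier before calling
    # this: an open descriptor outside the new root still works with fchdir.
    chdir($dir)  or die "chdir $dir: $!\n";
    chroot($dir) or die "chroot $dir: $!\n";   # only root may call chroot
    chdir('/')   or die "chdir /: $!\n";       # cwd must be inside new root

    # Order matters: supplementary groups and gid first, uid last,
    # because once the uid is dropped the group calls would fail.
    $) = "$gid $gid";                          # setegid + setgroups
    POSIX::setgid($gid) or die "setgid($gid): $!\n";
    POSIX::setuid($uid) or die "setuid($uid): $!\n";

    # Verify the drop took effect and cannot be undone.
    die "still running as root\n" if $< == 0 || $> == 0;
    die "unexpected group list '$)'\n" if grep { $_ != $gid } split ' ', $);
    die "root can be regained\n" if POSIX::setuid(0);
    return 1;
}

# Stand-alone use: run as root with a jail directory and an
# unprivileged account name (both supplied by the caller).
if (!caller) {
    @ARGV == 2 or die "usage: $0 <jail_dir> <unprivileged_user>\n";
    enter_jail(@ARGV);
    print "confined: uid=$< gid=$( cwd=/\n";
}
```

Without root, the second chroot, mknod, mount and the kernel-level tricks in the list above are unavailable to the process; the final `setuid(0)` check confirms the saved uid was dropped as well.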


Re: exiting a chroot environment
by LazerRed (Pilgrim) on Jul 08, 2003 at 00:21 UTC

    From the Solaris 8 Man:

    Maintenance Commands                                    chroot(1M)

    NAME
         chroot - change root directory for a command

    SYNOPSIS
         /usr/sbin/chroot newroot command

    DESCRIPTION
         The chroot utility causes command to be executed relative to
         newroot. The meaning of any initial slashes (/) in the path
         names is changed to newroot for command and any of its child
         processes. Upon execution, the initial working directory is
         newroot.

         Notice that redirecting the output of command to a file,

              chroot newroot command >x

         will create the file x relative to the original root of
         command, not the new one.

         The new root path name is always relative to the current
         root. Even if a chroot is currently in effect, the newroot
         argument is relative to the current root of the running
         process.

         This command can be run only by the super-user.

    RETURN VALUES
         The exit status of chroot is the return value of command.

    EXAMPLES
         Example 1: Using the chroot utility.

         The chroot utility provides an easy way to extract tar files
         (see tar(1)) written with absolute filenames to a different
         location:

              example# cp /usr/sbin/static/tar /tmp
              example# dd if=/dev/nrst0 | chroot /tmp tar xvf -

         Note that tar is statically linked, so it is not necessary
         to copy any shared libraries to the newroot filesystem.

    ATTRIBUTES
         See attributes(5) for descriptions of the following
         attributes:

              ATTRIBUTE TYPE      ATTRIBUTE VALUE
              Availability        SUNWcsu

    SEE ALSO
         cd(1), tar(1), chroot(2), ttyname(3C), attributes(5)

    NOTES
         Exercise extreme caution when referencing device files in
         the new root file system.

         References by routines such as ttyname(3C) to stdin, stdout,
         and stderr will find that the device associated with the
         file descriptor is unknown after chroot is run.

    SunOS 5.8                Last change: 20 Mar 1998

    My thoughts, maybe you just need to run a single command from within your chroot'd environment? I pasted the man because of the example with the tar command, and its absolute filenames. Heed the warnings at the end though :)

    Good Luck

Re: exiting a chroot environment
by bobn (Chaplain) on Jul 08, 2003 at 01:32 UTC
    I thought 'chroot' and 'jail' were somewhat separate, with chroot being used to execute things in a situation when root isn't root, such as: you've booted from a rescue disk, you mount the real (hard drive) / as /mnt/hda and then use

    chroot /mnt/hda...<command>

    so that things dependent on relative paths work right.

    --Bob Niederman,
Re: exiting a chroot environment
by zentara (Archbishop) on Jul 08, 2003 at 16:43 UTC
    $anarion stated: By now, chroot without kernel patches doesn't mean security at all.

    If you want a good kernel patch to restrict chroot, check out the grsecurity patch.
